Exposed Lexmark data included Social Security numbers

February 15, 2008

By Scott Sloan

The employee personal data inadvertently exposed by Lexmark International included Social Security numbers and dates of birth, according to a company memo obtained by the Herald-Leader.

That information, along with names and addresses, was accessed by two unknown parties when the data was loaded to a company file sharing site in late January.

Both current and former employees, including at least one who left the firm a decade ago, had their data exposed. The company said it had retained that data on former employees for "a variety of legal, tax and other reasons."

The company did not say how many employees were affected.

Lexmark had declined to publicly identify the type of disclosed data on Thursday.

"We're just trying to act from an abundance of caution," said spokeswoman Barbara Leary. "We don't know exactly what the situation is, and we take this very seriously."

In its note to those affected, the company said it has traced the IP addresses of the two parties who accessed the data, but their Internet service provider has not divulged their identities.

Affected employees are being offered free credit-monitoring insurance and identity-theft insurance for a year.

The company said in the note that it thinks "one year of credit monitoring is appropriate in connection with this incident."

"We will continue to investigate and watch for any activity that suggests unauthorized use of the information. If new facts present themselves, we will reassess the situation."

main page ATTRITION feedback